2024 cybersecurity wrapped: the year of politically motivated cyberattacks

Looking back at 2024, geopolitical events and issues dominated the news agenda. This was led by major conflicts, such as the ongoing Israel-Hamas and Russia-Ukraine wars, and a record-breaking number of global elections, including in the UK, USA, and India, which all held leadership elections. Political events like these not only took place in the physical world, but also spilt over into the cyber realm.

Per its latest Threat Intelligence Report, NETSCOUT observed a 12 percent rise in distributed denial-of-service (DDoS) attacks in the first half of 2024, compared to the last six months of 2023, many of which were politically motivated. Regional attack activity also increased, with Europe, the Middle East, and Africa (EMEA) experiencing a 25 percent surge. Additionally, attackers have also increasingly leveraged sophisticated DDoS platforms that offer automation features – including attack scheduling, dynamic vector adjustment, and repetition – to maintain pressure on targets.

High-profile DDoS attack activity that took place this year globally included:

• A barrage of cyber assaults against Sweden as it joined NATO
• A surge in attack activity following Venezuela’s controversial presidential election
• Pro-Russian threat actors targeting Japanese organisations following the nation’s call for increased participation in US-led military alliance

As the end of the year approaches, Richard Hummel, threat intelligence lead for NETSCOUT, examines the rise in geopolitically motivated DDoS attacks in 2024 and the proactive measures organisations should implement to safeguard themselves from these cyberattacks:

“From a cybersecurity perspective, 2024 will largely be remembered as the year in which geopolitically motivated hacktivists upped the ante. The trend of DDoS attacks being used as a form of protest or political activism in the digital space was a theme throughout the year; hacktivist groups targeted any nation or group that opposed their ideologies, as was the case in Japan.

“In terms of the targets themselves, threat actors expanded their focus to include more specific critical infrastructure, such as financial services, healthcare institutions, and government bodies. This resulted in a marked increase in the frequency and intensity of daily attacks against these industries during and immediately following election campaigns. The aim: to cause maximum disruption to public life, drawing attention to cyber criminals’ political agendas.

“With geopolitically motivated DDoS hacktivism showing no signs of relenting, governments, enterprises, and service providers must utilise comprehensive detection and mitigation strategies. These solutions will track and block malicious traffic, and utilise internal and external detections. Along with this, cross-sector collaboration should become more commonplace, allowing enterprises to enhance their resilience against the backdrop of the ever-expanding threat landscape.”